Recently, computer has become widely available to a large segment of the society. In addition, the price of various computer related digital storage media, such as floppy diskettes and hard disks, have dropped drastically. As a result, computer has become the primary device for data entry and data storage in many applications.
One of the advantages of using digital storage media for storing data is that the data stored therein can be retrieved quickly. Another advantage of using digital storage media is that the amount of information which can be stored in a given volume of storage medium is many order of magnitude more than that can be stored in traditional storage media such as papers.
However, there are problems in using digital storage media. One of the problems in using the digital storage media for data storage is that the information stored therein can be altered easily. As a result, it is very difficult to verify the authenticity of the data stored in the computer.
One example where it is important to preserve the authenticity of the data is in accounting. Standards of accounting auditing, such as those promulgated by the Auditing Standards Board of the American Institute of CPAs, require that the integrity of the accounting data be investigated in every audit. Typically, accounting data is recorded in chronological order in a journal. If an error in recording is discovered later, a separate journal entry correcting the error is made at the time of discovery instead of altering the erroneous entry. Thus, once a journal entry is made, there is no need to alter the entry even though the entry is later found to be erroneous. Consequently, it is desirable to use a data storage device such that the data stored therein cannot be altered. The use of such a device goes a long way towards preserving the integrity of the data stored therein.
In addition to protecting the integrity of the data stored in a storage medium, it is also desirable to know the time at which the data is being stored. As an example, many organizations routinely stamp the receiving date on every correspondence received. This procedure, if carried out consistently, could have evidentiary value in a legal proceeding. It would be equally desirable to have a data storage device which automatically "stamp" the date when a piece of data is being stored in the device such that both the data and the date cannot be altered.
There are storage media, popularly known as "Write Once Read Many" media, such that the physical media change physically at the place where data have been written on it. This change is not reversible. Thus, once data is written on one of these media, the data is available only for reading and cannot be altered.
The availability of these "Write Once Read Many" media does not provide a solution to the problems mentioned above. Even though the data written on a "Write Once Read Many" medium cannot be altered, nothing prevents a person from substituting the original physical medium with a different physical medium containing altered data. Thus, it is difficult to convince a third party, such as an auditor, of the authenticity of the data recorded in such physical medium because it is difficult to know if the physical medium being inspected by the third party is the original physical medium.
Similarly, the "Write Once Read Many" media do not provide a means to verify the time at which the data is stored in the media. This is because the time written in the media by the computer, just like other data, can be altered by recording the data again on a different "Write Once Read Many" media accompanying with a new time.
Another method to improve the integrity of the data stored in a computer is to limit the access of the computer, such as using passwords, to authorized persons in an organization. As a result, only these authorized persons are able to alter the information in the computer. Further, various encryption schemes can be applied to the data so that only those persons who possess the key of the encryption scheme is able to alter the data. However, in those situations where it is necessary to verify beyond a reasonable doubt that no person, authorized or not, is able to alter the data, limiting the access or the use of encryption scheme would not suffice to remove the possibility that one of the authorized persons may have altered the information stored in the computer.